Indirect transmission of session data

ABSTRACT

The systems and methods described herein can enable the indirect transmission of session data between different domains. The system can pass the session data through a hashing function so that the data from a given domain remains private and secure to the specific domain. The system can generate clusters of associated domains for a given client device that the system can use to maintain a session between the client device and the domain.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit and priority as a continuation under35 U.S.C. § 120 to U.S. patent application Ser. No. 16/855,952, entitled“Indirect Transmission of Session Data,” filed Apr. 22, 2020, which inturn claims the benefit and priority as a continuation under 35 U.S.C. §120 to U.S. patent application Ser. No. 15/961,763, entitled “IndirectTransmission of Session Data,” filed Apr. 24, 2018, each of which ishereby incorporated by reference in its entirety.

BACKGROUND OF THE DISCLOSURE

When a client device visits a website, the website can transmit smallpackets of data to the client device. The small packets of data caninclude preferences, session information, or information to be used toauthenticate and maintain a session between the client device and thedevice hosting the website. The data stored in the client device by thewebsite can be stored indefinitely or can be purged at regularintervals. In some implementations, to prevent malicious attacks knownas cross-site or cross-domain attacks or undesired behavior, webbrowsers can prevent domains from accessing the data of other domains orfrom storing data on the client device when the client device is not inan active session with the domain.

SUMMARY OF THE DISCLOSURE

In some implementations, through the use of only first-party data, thesystems and methods described herein can enable the indirecttransmission of session data between different domains. The system canuse a deterministic method to determine node clusters that can enablethe transmission control of session data between client devices andother system node devices, without requiring direct communicationsbetween server devices.

The foregoing general description and following description of thedrawings and detailed description are exemplary and explanatory and areintended to provide further explanation of the invention as claimed.Other objects, advantages, and novel features will be readily apparentto those skilled in the art from the following brief description of thedrawings and detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are not intended to be drawn to scale. Likereference numbers and designations in the various drawings indicate likeelements. For purposes of clarity, not every component may be labeled inevery drawing. In the drawings:

FIG. 1 illustrates a block diagram of a system for the indirectcommunication of data, according to one implementation.

FIG. 2 illustrates a flow diagram of a method for indirectlycommunicating data to enable the selection of customized content,according to one implementation.

FIG. 3 illustrates a flow diagram of an example method for indirectlycommunicating data to enable the selection of customized content,according to one implementation.

FIG. 4 illustrates a flow diagram of an example method for indirectlycommunicating data to enable the selection of customized content,according to one implementation.

FIG. 5 illustrates a block diagram of an implementation of a computersystem for use with the systems and methods discussed herein.

DETAILED DESCRIPTION

The various concepts introduced above and discussed in greater detailbelow may be implemented in any of numerous ways, as the describedconcepts are not limited to any particular manner of implementation.Examples of specific implementations and applications are providedprimarily for illustrative purposes.

When a client device renders a website provided by a content providerand executes the code of the web site, the code can cause small amountsof data to be stored on the client device (e.g., a HyperText TransportProtocol (HTTP) cookie). The data can include stateful informationabout, for example, preferences or previous interactions with thewebsite, or information about the client device (e.g., deviceidentifier, user account, or any other such information). In someimplementations, the data can include an authentication token thatinforms the content provider that the client device previouslyauthenticated with the content provider. The presence of theauthentication token on the client device can mean the client devicedoes not need to re-authenticate with the content provider (e.g.,provide a user name and password again) to receive content from thecontent provider the next time the client device requests content fromthe content provider. Not having to re-authenticate with the contentprovider can save time and bandwidth as the client device does not haveto go through the authentication processes each time the client deviceinteracts with the content provider for additional data.

In some implementations, a content provider can only access data on theclient device that it caused to be stored on the client device. Forexample, the content provider can only access HTTP cookies from domainsthat it operates. In some implementations, the content provider can onlyaccess data on the client device that it caused to be stored therebecause the web browser includes a policy to limit access. Additionally,some countries have implemented regulations that can prevent contentproviders from placing or accessing third-party cookies. In someimplementations, secondary content providers may provide content that isdisplayed along with the primary content from the primary contentprovider. For example, the content provider can provide a website thatincludes secondary content slots. Execution, by the client device, ofthe code associated with the secondary content slots, can cause theclient device to fetch or request secondary content from the secondarycontent providers to render in the secondary content slots. In someimplementations, when providing the secondary content, the secondarycontent providers can also provide data to store on the client device.The data provided by the secondary content providers can be referred toas “third-party” cookies because they are not associated with the domainof the content provider. In some implementations, third-party cookiescan be used to generate or select customized content for the secondarycontent slots.

In some implementations, the third-party cookies can be used forcentralized or single sign-on authentication. For example, a company mayown several domains and an additional domain can manage authenticationof client devices and manage the client device's session with thedomains. However, some web browsers block the use of third-partycookies. For example, only the primary domain can save cookies to theclient device and the web browser can discard or prevent cookies fromdifferent domains. This can prevent single sign-on authentication. Inthis example, because the authentication is processed via a primarydomain that the web browser does not directly visit, the web browser canconsider the authentication domain a third-party domain and blockauthentication tokens (e.g., cookies) from the authentication domain.This can prevent the web browser from authenticating with multipledomains via a central authentication domain.

In some implementations, through the use of only first-party cookies,the systems and methods described herein can enable the indirecttransmission of session data between different domains. Additionally, asdescribed below, the system can pass the session data through a hashingand/or encryption function so that the cookies of a given domain remainprivate and secure to the specific domain. The system can generateclusters of associated domains for a given client device that the systemcan use to select customized content for the client device or maintainan active session across the domains. Thus, the systems and methodsdescribed herein allow for exchange of information between third-partyentities that would be blocked by typical web browsers and othercomputing devices that prevent cross-domain data exchange, withoutrequiring modifications to the browser, direct connections between thethird-party entities, or other such steps. This allows for rich,multi-source content (e.g., web pages with embedded third-party content,mixed media, or other such content), without sacrificing security of theclient device and browser environment. In some implementations, byallowing session data to be retained and passed to third-party servers,some inter-server communications and/or client-server communications maybe reduced or eliminated, reducing bandwidth requirements andpotentially reducing latency and network congestion.

FIG. 1 illustrates a block diagram of an example system 100 for theindirect communication of data. The system 100 can enable thetransmission of customized content to the client device 102. In someimplementations, the content is customized or dynamically selectedresponsive to the indirection communication between the node devices ofthe system 100. The system 100 can include at least a first node device104(1) and a second node device 104(2). The system 100 can include anynumber of node devices, which can be collectively referred to as nodedevices 104. The system 100 can include a communication manager 106. Thecommunication manager 106 can be referred to as a communicationinterface. The components of the system 100 can communicate over anetwork 110. In some implementations, the network 110 may include a LANnetwork, a Wi-Fi network, a cellular network, a wide area network (WAN),a telephone network, such as the Public Switched Telephone Network(PSTN), a wireless link, a satellite link, a device-to-device meshnetwork, an intranet, the Internet, or combinations thereof.

The client device 102 can be any computing or other data processingdevice that includes one or more processors. For example, the clientdevice 102 can be a mobile device, such as a mobile phone, tablet, orlaptop computing device; a wearable computing device; a networkedappliance (e.g., an Internet-of-Things or IoT appliance); a singlecomputing device, such as a work station, laptop, or desktop computer;or multiple computing devices, such as a computer cluster, or serverfarm. In some implementations, the client device may comprise a virtualdevice executed by one or more hardware devices.

The client device 102 can render content provided by the node devices104 and the communication manager 106. For example, the client device'sprocessors can execute a web browser (or other user agent) thatgenerates content requests. In some implementations, the client device102 can transmit a content request to one of the node devices 104. Inresponse to the content request, the recipient node device 104 canprovide primary content (e.g., a web page, data file, media file, orother such content) to the client device 102. The primary content caninclude one or more content slots for secondary content, sometimesreferred to as embedded content (e.g., images, media, executablescripts, etc. provided from another source or server). The content slotscan include code that when executed by the client device 102 cause theclient device 102 to request or retrieve secondary content from asecondary content server, which can be the communication manager 106 oranother content provider. In some implementations, the secondary contentcan be provided by the node device 104 providing the primary content ora different node device 104.

In some implementations, the client device 102 can receive and storedata from one or more of the node devices 104. The data can be stored inthe form of a HTTP “cookie.” The cookie for a specific node device 104can include stateful information that the node device 104 can use duringcurrent and future communication sessions. For example, the statefulinformation can include preferences, previously provided form fielddata, authentication tokens, or other settings. In some implementations,each of the cookies can expire. The client device 102 can delete thecookie once the cookie has expired. The cookie can expire when aduration specified by the cookie's time-to-live (TTL) flag is reached.In some implementations, the client device 102 can automatically purgethe cookies after a predetermined duration. For example, the clientdevice 102 can automatically purge the cookie after 1 to 30 days or whenthe browser session is closed.

In some implementations, a node device 104 can only save data to theclient device 102 when the client device's browser is viewing contentfrom a domain associated with the node device 104. In someimplementations, a node device 104 can only access cookies or datastored on the client device 102 if the data is associated with thedomain of the node device 104. For example, a browser executed by theclient device 102 can allow first-party cookies and block third-partycookies, or only allow cookies from a server that is associated with thedomain of a currently displayed web page (e.g., when browsing a page atthe URL “www.example.com/index.html” that includes an embedded imagefrom “www.anotherexample.com/image.jpg”, allowing cookies from theexample.com server, but not allowing cookies from the anotherexample.comserver). This may be done to prevent cross-site attacks, such as wherean embedded script attempts to access user data or cookies associatedwith the primary domain.

The communication manager 106 can be any type of data processing system.The communication manager 106 can include one or more processors. Insome implementations, the data processing system can be a singlecomputer, computer cluster, or server farm. In some implementations, thedata processing system may comprise a virtual device executed by one ormore hardware devices.

The communication manager 106 can enable the transmission or sharing ofdata between the node devices 104 of the system 100 without the use ofthird-party cookies. The communication manager 106 can serve as acooperative between the node devices 104. The communication manager 106can generate deterministic identifiers or cluster identifiers that canbe used to enable the node devices 104 to provide customized content orcontent from secondary content providers without the use of third-partycookies. The communication manager 106 can also enable multiple nodedevices 104 to share session information. In some implementations, thecommunication manager 106 can generate the cluster identifiers usingonly first-party cookies. The clusters can include indications offirst-party cookies that are associated with the same browser instance.In some implementations, the content of the cookies from a specific nodedevice 104 is not shared with the communication manager 106 or the othernode devices 104. For example, the content of the cookies can be passedthrough a hashing function, crypt-hashing function, or encrypted priorto transmission to the communication manager 106. The hashing functionsdescribed herein can be crypt-hashing functions, such as SHA-512. Thecommunication manager 106 can generate new encryption keys atpredetermined intervals. For example, the communication manager 106 cangenerate new keys daily, weekly, or monthly. The communication manager106 can transmit the keys to authorized content providers to enable thecontent providers to decrypt the encrypted cluster identifiers andprovide customized content based on the cluster identifiers. The contentproviders can also pull or fetch the keys from the communication manager106 at predetermined intervals. Rotation of the encryption keys can alsoenable the communication manager 106 to enforce content policies. Forexample, if a content provider violates a content policy, thecommunication manager 106 can determine to not transmit or provideupdated keys to the content provider, which would prevent the contentprovider from selecting custom content based on the encrypted clusteridentifiers.

The communication manager 106 can include a connection manager 112 thatcan manage a connection database 114. The communication manager 106 caninclude a cluster manager 116 that can manage a cluster database 118.The connection database 114 can include a hash (or other form of) table.The hash table stored in the connection database 114 can include aplurality of keys 120 that are each associated with values 122. The keys120 can be hashes that are generated based on data from the clientdevice 102. The values 122 can indicate which of the node devices 104the client device 102 initiated communications with. In someimplementations, the hash can be generated by concatenating anindication of a user agent and a network location (and, in manyimplementations, by performing a hashing function on the concatenatedinput). For example, and as described further below, when generating acontent request, the client device 102 can include the client device'suser agent information and IP address in the content request. The useragent information and IP address can be relayed to the communicationmanager 106, which can pass the data through a hashing function togenerate the hash that is stored as the key 120. In someimplementations, the node device 104 can generate the hash and transmitthe hash (and not the user agent information and IP address) to thecommunication manager 106. Transmitting a hash to the communicationmanager 106 can obviate or reduce the amount of user agent informationand IP addresses that the communication manager 106 receives and stores.Associated with each key 120 (e.g., each hash value), the connectionmanager 112 can store an indication of which node device 104 providedthe hash. Although primarily discussed in terms of user agentinformation and IP address, other information may be used as inputs tothe hashing function, including port numbers, media access control (MAC)addresses, application names, application versions, usernames, devicetypes, or any other such information.

The cluster database 118 can include a table with a plurality of keys124 that are each associated with a value 126. The keys 124 can each bea cluster identifier. The cluster identifier can also be referred to asa node identifier. In some implementations, the cluster identifier canbe a hash of a cookie (or other data previously stored on the clientdevice 102). The hash can be concatenated with a time stamp (or othersources of entropy, such as a random number generator or pseudo randomnumber generator output, a counter value, a sequence number, or anyother such data). For example, a given node device 104 may place acookie on the client device 102. The cookie can be relayed thecommunication manager 106 (directly or through a node device 104). Thecluster manager 116 can then use the cookie to generate a clusteridentifier that is associated with the transmitting node device 104 andclient device 102. By concatenating the time stamp or other data to thehash, the cluster identifier becomes one-time only so that third partiescannot take advantage of the cluster identifier via re-use.

In some implementations, the cluster identifier is generated by the nodedevices 104. In these implementations, the node device 104 thatgenerated (or received) the cookie from the client device 102 generatesthe cluster identifier and does not transmit the cookie to thecommunication manager 106. This can increase privacy and securitybecause the communication manager 106 only receives a hash of the cookieand does not receive the cookie itself.

In some implementations, the node device 104 can encrypt the hash withthe public key of the communication manager 106. The values 126 caninclude an identification of the node device 104 that are associatedwith the cluster identifier. For example, if a cluster identifier isassociated with both the node device 104(1) and the node device 104(2),the client device 102 for which the cluster identifier was generatedpreviously visited both the node device 104(1) and the node device104(2). Additionally, in this example, both of the node devices 104(1)and 104(2) stored data (e.g., cookies) on the client device 102. In someimplementations, each element in the values 126 can be a hash of acookie associated with the cluster identifier. For example, the clusteridentifier can be the key 124 to a value 126 that includes {hash(cookiefrom node device 104(1)), hash(cookie from node device 104(2))}. Thecookies used to generate the hashes associated with a given key 124 canbe associated with a given client device 102. Because only hashes of thecookies are shared between the node devices 104 and the communicationmanager 106, security and a user's privacy can be protected.

FIG. 2 illustrates flow diagram of an example method 200 for indirectlycommunicating data to enable the selection of customized content. Insome implementations, the steps of the method 200 can be performed byone or more of the components of the system 100. For example, asillustrated in FIG. 2, the client device 102 can perform the stepsillustrated in column 202, the node device 104(2) can perform the stepsillustrated in column 204, the node device 104(1) can perform the stepsillustrated in column 206, and the communication manager 106 can performthe steps illustrated in column 208. In other implementations, some orall of these functions or steps may be performed by a single device orgroup of devices.

In some implementations, prior to the client device 102 requestingcontent from the node device 104(1), the method 200 can include the nodedevices 104 transmitting connection information to the communicationmanager 106 (step 210). While the method 200 is illustrated using twonode devices 104, the method 200 can be performed using any number ofnode devices 104. At regular intervals or when requested by thecommunication manager 106, the node devices 104 can transmit theconnection information to the communication manager 106. The connectioninformation can include user agent information and network locationinformation for the connections established between client devices 102and the respective node device 104 over a given period of time. The useragent information can be the name and version of the software that theclient device 102 uses to establish a connection with the node device104. For example, the user agent can be the web browser that establishesthe connection. The network location can be the IP address and/or portassociated with the user agent.

In one example, at a predetermined time (e.g., midnight, hourly, everyminute, etc.), each of the node devices 104 can transmit anidentification of each of the user agents with which the node device 104established a connection and the respective network location (e.g., IPaddress) associated with the user agent. In some implementations, thenode device 104 can generate a hash by concatenating the user agent andthe network address information. The concatenated information can beprocessed with a hashing function to generate a hash value of apredetermined size. The hash value, rather than the user agent andnetwork location information, can be transmitted to the communicationmanager 106 such that only the node device 104 with which the clientdevice 102 established a connection is in possession of the connectioninformation.

The method can include the communication manager 106 receiving theconnection information from each of the node devices 104 (step 211). Insome implementations, the communication manager 106 can poll the nodedevices 104 to request the connection information from node devices 104.In some implementations, the connection information can expire or thecommunication manager 106 can delete the connection information (orhashes thereof) at regular intervals. For example, the communicationmanager 106 can delete the connection information every day, week, ormonth.

The method 200 can include generating the connection table or database114 (step 212). The connection manager 112 can generate the connectiondatabase 114. A hash of the user agent and network location receivedfrom the node devices 104 can be used as the key value 120 in theconnection database 114. The node devices 104 can generate the hashprior to transmitting the connection information to the communicationmanager 106 or the connection manager 112 can generate the hash uponreceiving the network connection information. The connection manager 112can add each of the hashes to the connection database 114 as keys 120.For each key 120 (e.g., each hash), the connection manager 112 can thenappend to the value 122 an identification of which node device 104provided the connection information. The connection manager 112 can alsoappend a TTL element that indicates by which time the associated valueshould be purged or deleted from the connection database 114. In someimplementations, storing an indication of a given node device 104 with agiven hash can indicate that the client device 102 for which the hashwas generated established a network connection with the given nodedevice 104. The given node device 104 may not have stored a cookie onthe client device 102 when the network connection was established.

For example, if the node device 104(1) provided the hash “99a74fbe” tothe connection manager 112, at key location 99a74fbe, the node deviceidentifier and a time-to-live (TTL) element can be saved. In thisexample, the key-value pair can be 99a74fbe: {(N1, 2017-11-1111:12:01)}, where N1 is the identifier for node device 104(1) and2017-11-11 11:12:01 is the TTL indicating the date and time when thevalue should be purged from the connection database 114 (in otherimplementations, TTL may be expressed as a single number, such as anumber of seconds from an epoch time, or a starting value of a counteror timer). If the node device 104(2) also provided the hash “99a74fbe”,the connection manager 112 would update the connection database 114 suchthat the key-value pair becomes 99a74fbe: {(N1, 2017-11-11 11:12:01),(N2, 2017-11-11 11:12:01)}. The TTL value can be selected by theconnection manager 112 according to a policy. For example, the valuescan be set to expire every hour, day, week, or month. In someimplementations, user of a client device 102 may wish to not receivecustomized content. The user can register with the communication manager106. When the communication manager 106 detects a user agent, IPaddress, or hash associated with the user, the communication manager 106may discard the received information and not make an entry in theconnection database 114 for the user.

The method 200 can include generating a connection request (step 213).The client device 102 can generate the connection request and therequest can be transmitted to one of the node devices 104. In someimplementations, the connection request can be generated at a time afterthe steps discussed in relation to steps 210-212.

As illustrated in FIG. 2, the connection request can be a request forcontent that is transmitted to the node device 104(1). The connectionrequest can be the request from a web browser (or another user agent),executed by the client device 102, to request a webpage hosted by thenode device 104(1). In some implementations, the request can includedata previously stored by the node device 104 on the client device 102.For example, the request can include a first-party cookie that waspreviously stored on the client device 102 by the node device 104 towhich the client device 102 is transmitting the request (e.g., nodedevice 104(1)). In some implementations, the first-party cookie caninclude a cluster identifier, which can be updated through the method200. In some implementations, the cluster identifier can be used, by acontent provider, to select custom content, determine the distributionof content, or conduct fraudulent detection. For example, the clusteridentifier can be embedded within a tag used in making a content requestto a content provider. In some implementations, the cluster identifiercan be transmitted to the client device 102 in response to receiving theconnection request.

The method 200 can include generating a request for a candidate nodedevice (step 214). Responsive to receiving the request for content, thereceiving node device 104(1) can generate a request for a candidate nodedevice. In some implementations, the node device 104(1) can transmit therequest to the communication manager 106 with an indication of the nodedevice 104(1) as a URL parameter. In other implementations, theindication of the node device may be included in other portions of apacket, such as a header options field. The node device 104(1) cantransmit the request for a candidate node to the communication manager106. The candidate node device (also referred to as a candidate device)can be a node device 104 that may have a first-party cookie stored onthe client device 102.

The method 200 can include determining a candidate node device (step215). In some implementations, the request from the node device 104(1)can include an indication of the user agent and IP address of the clientdevice 102 that generated the request for content at step 213. Theconnection manager 112 can generate a hash from the indication of theuser agent and the IP address. The connection manager 112 can use thehash to determine the candidate node device. The candidate node can beone or more of the node devices 104 saved as values 122 for the key 120associated with the calculated hash. In some implementations, aplurality of node devices 104 can be associated with a given hash. Theconnection manager 112 can select one or more of the node devices 104associated with the hash as the candidate node or node devices.

The method 200 can include determining if the connection with thecandidate node has expired (step 216). As described above, each of thevalues stored in the connection database 114 can be associated with aTTL. The connection manager 112 can determine if the TTL has passed. Ifthe TTL has passed, the connection manager 112 can delete the candidatenode from the connection database 114 (step 217). For example, thecandidate node can be deleted from the value 122 that is associated withthe hash. In some implementations, the connection manager 112 canperiodically parse the connection database 114 to determine if any ofthe values 122 in the connection database 114 should be deleted. Thestep of determining a candidate node can be repeated until a non-expiredcandidate node is determined.

An indication of the candidate node can be transmitted to the nodedevice 104 (step 218). The indication of the candidate node can beencrypted during transmission to the node device 104(1). The method 200can include generating a request response (step 219). The node device104(1) can generate a response to the request generated at step 213. Theresponse can be, for example, a web page with content that the nodedevice 104(1) selected responsive to the request generated at step 213.The node device 104(1) can incorporate the indication of the candidatenode into the response. For example, the node device 104(1) can generatea pixel (e.g., a pixel of an image in the response, or an embedded linkto a 1 pixel by 1 pixel image, which may require minimal resources totransfer) that will cause the client device to automatically generate arequest to the candidate node when the web page is rendered by theclient device 102. For example, the pixel, sometimes referred to as apixel tag or tracking pixel, may include an HTML image tag linking to a1 pixel by 1 pixel image at a node device with additional parameters tobe included in the URL of a GET request (e g , as parameter-valuepairs). In other implementations, other systems may be used toincorporate the indication of the candidate node device, such as arequest for an embedded script, style sheet, media file, or other suchrequest with additional parameters, or an executable command that causesthe browser or application to transmit a request (e.g., a POST or GETrequest with parameter-value data).

Although generally discussed in terms of pixel tags, in manyimplementations, other such methods may be used. For example, full-pageredirects can be used. In this example, the links within a webpage maycomprise a full-page redirect. The original links of the webpage can bemodified or replaced with links that point to the candidate node device.The location identified by the original link to be included in themodified link as a URL parameter. Once rendered, if the link is selectedit can direct the client device's browser to the candidate node device,which can redirect the browser to the location identified by theoriginal link. The web page can include one or more content slots. If aninitial cluster identifier was provided to the node device 104(1), thecluster identifier can be embedded in a tag of the content slots. Thecluster identifier can be transmitted with a content request for contentto fill the content slots. The node device 104(1) can provide thecluster identifier rather than or in addition to a HTTP cookie.

The method 200 can include rendering the response (step 220). Forexample, the client device's web browser (or user agent) can render theweb page (e.g., the response) provided by the node device 104(1). Whenrendering the web page, the client device 102 can process the pixel thatincludes instructions to generate a request to the candidate nodedevice. If an initial cluster identifier was embedded in a tag of thecontent slots, code of the content slot can cause the cluster identifierto be transmitted to a secondary content provider.

The client device can generate a pixel request (step 221). The pixelrequest can be a request that the client device 102 generates responsiveto rendering the pixel that includes the instructions for communicatingwith the candidate node device. The client device 102 transmits thepixel request to the candidate node device (e.g., node device 104(2) inFIG. 2). The request can include a node identifier for the node device104(1) that generated the pixel (e.g., node device 104(1)). The nodeidentifier can be included in a URL parameter of the pixel request. Insome implementations, the pixel request can cause the user agent totransmit, to the candidate node device, data previously stored on theclient device 102 by the candidate node device. For example, the clientdevice 102 may have previously requested a webpage from the candidatenode device. In fulfilling the response, the candidate node may havestored a cookie on the client device 102.

The method 200 can include the candidate node generating a notification(step 222). The candidate node can transmit the notification to thecommunication manager 106. The notification can include theidentification of the candidate node and the identification of the nodeto which the original request in step 213 was transmitted (e.g., nodedevice 104(1)).

The method 200 can include updating a node cluster (step 223). The nodecluster that is updated can be identified by a cluster identifier. Thecommunication manager 106 can update the node cluster responsive toreceiving the notification from step 222. The cluster manager 116 canparse through the cluster database 118 to identify the clusterassociated with the node device 104(1). The cluster manager 116 canappend an identification of the candidate node to the list of nodedevices 104 stored in association with the node device 104(1). Thecommunication manager 106 can transmit the cluster identifier to thenode device 104.

The node device 104(1) can receive the cluster identifier (step 224). Insome implementations, the node device 104(1) can store the clusteridentifier in association with an identification of the client device102. The node device 104(1) can transmit the cluster identifier to theclient device 102 in the form of a HTTP cookie.

In some implementations, responsive to a subsequent request from theclient device 102, the node device 104(1) can embed the clusteridentifier into a content slot of the request. The content request canbe a second, subsequent content request that is transmitted to the nodedevice 104(1) from the client device 102. For example, the secondcontent request can be for a second web page of a domain associated withthe node device 104(1). In one example, when the webpage is rendered atstep 220, the webpage can include a link to a second webpage. Selectingthe link can cause the web browser to generate the content request towhich the node device 104(1) can provide the content for the secondwebpage. The second webpage can include a content slot with the clusteridentifier embedded in a tag. In some implementations, the clusteridentifier can be transmitted to the client device 102 and storedlocally at the client device 102 in a cookie. The client device 102 canprovide the cookie (and cluster identifier) to the node device 104(1)when transmitting subsequent requests to the node device 104(1).

The method 200 can include generating, by the client device, a contentrequest that includes the cluster identifier (step 225). In someimplementations, the content (e.g., the second web page in the aboveexample) provided to the client device 102 can include one or morecontent slots that include instructions for requesting or fetchingcontent to fill the one or more content slots. The client device 102 canexecute the instructions of the content slots and generate a contentrequest that includes the cluster identifier.

The client device 102 can transmit the content request (with the clusteridentifier) to the communication manager 106, which can select a contentitem (step 226). In some implementations, the content request can betransmitted to a content provider (e.g., the node device 104) other thanthe communication manager 106. For example, the content provider can bea secondary content server or publisher. The node device 104 can provideprimary content in the form of a web page, and the content provider canprovide the content for the content slot that included the embeddedcluster identifier. The content for the content slot can be selectedbased on the cluster identifier. For example, the cluster identifier canidentify to the communication manager 106 (or other secondary contentservers) other websites (or node devices 104) the user agent recentlyvisited, such as a clothing store. In this example, based on the clusteridentifier, the content item to fill the content slot may be related tothe clothing store.

The communication manager 106 can transmit the content to the clientdevice 102 (step 227). The user agent can render the content into thecontent slot. In another example, a plurality of websites may bedistributed across a plurality of node devices 104. Each of the nodedevices 104 may host a different domain. The domains may share a commonlogin page. In this example, rather than provide content that isrendered and displayed to a user, the cluster identifier can be used toselect a token that is used to authenticate the client device 102 acrosseach of the domains.

FIG. 3 illustrates a flow diagram of an example method 300 forindirectly communicating data to enable the selection of customizedcontent. In some implementations, the client 102 can communicatedirectly with the communication manager 106 to receive a clusteridentifier from the communication manager 106. For example, asillustrated in FIG. 3, the client device 102 can initiate communicationwith communication manager 106 with a request for the cluster identifier(which may include, for example, performing authentication, handshaking,or any other connection establishment and/or authorization procedures).A system where the client device 102 can communicate directly with thecommunication manager 106 can have easier adoption because the code ofthe webpage does not need to be updated to instruct the client device102 to initially establish a connection with the node device 104(1).

In the method 300, as illustrated in FIG. 3, in some implementations,the client device 102 may not directly communicate with the node device104(1) or some communications may traverse a different path that doesnot include the node device 104(1). For example, the client device 102can communicate with the communication manager 106 without using thenode device 104(1) as an intermediary. The steps of the method 300 canbe performed by one or more of the components of the system 100. Forexample, as illustrated in FIG. 3, the client device 102 can perform thesteps illustrated in column 302, the node device 104(2) can perform thesteps illustrated in column 304, the node device 104(1) can perform thesteps illustrated in column 306, and the communication manager 106 canperform the steps illustrated in column 308. In other implementations,some or all of these functions or steps may be performed by a singledevice or group of devices.

In some implementations, prior to the client device 102 generating aconnection request, the method 300 can include the node devices 104transmitting connection information to the communication manager 106(step 310). While the method 300 is illustrated using two node devices104, the method 300 can be performed using any number of node devices104. At regular intervals or when requested by the communication manager106, the node devices 104 can transmit the connection information to thecommunication manager 106. The connection information can include useragent information and network location information for the connectionsestablished between client devices 102 and the respective node device104 over a given period of time. The user agent information can be thename and version of the software that the client device 102 uses toestablish a connection with the node device 104, or any other suchinformation, which may be in plaintext or encrypted. For example, theuser agent can be the web browser that establishes the connection. Thenetwork location can be the IP address and/or port associated with theuser agent.

In one example, at a predetermined time (e.g., midnight, hourly, everyminute, etc.), each of the node devices 104 can transmit anidentification of each of the user agents with which the node device 104established a connection and the respective network location (e.g., IPaddress) associated with the user agent. In some implementations, thenode device 104 can generate a hash by concatenating the user agent andthe network address information. The concatenated information can beprocessed with a hashing function (e.g., MD5, SHA256, etc.) to generatea hash value of a predetermined size. The hash value, rather than theuser agent and network location information, can be transmitted to thecommunication manager 106 such that only the node device 104 with whichthe client device 102 established a connection is in possession of theconnection information. In some implementations, additional data may beadded to the concatenated information (e.g., separators, such as commasor semicolons; time stamps; random data, to be used as salt for the hashfor extra entropy; etc.).

The method can include the communication manager 106 receiving theconnection information from each of the node devices 104 (step 311). Insome implementations, the communication manager 106 can poll the nodedevices 104 to request the connection information from node devices 104.In some implementations, the connection information can expire or thecommunication manager 106 can delete the connection information (orhashes thereof) at regular intervals. For example, the communicationmanager 106 can delete the connection information every day, week, ormonth.

The method 300 can include generating the connection table or database114 (step 312). The connection manager 112 can generate the connectiondatabase 114. A hash of the user agent and network location receivedfrom the node devices 104 can be used as the key value 120 in theconnection database 114. The node devices 104 can generate the hashprior to transmitting the connection information to the communicationmanager 106 or the connection manager 112 can generate the hash uponreceiving the network connection information. In some implementations inwhich the node devices generate the hash, the communication manager 106and/or connection manager 112 may not be able to decrypt the hash orrecover the original input (that is, the hashing function may comprise acryptographically secure hashing function). The connection manager 112can add each of the hashes to the connection database 114 as keys 120.For each key 120 (e.g., each hash), the connection manager 112 can thenappend to the value 122 an identification of which node device 104provided the connection information. The connection manager 112 can alsoappend a TTL element that indicates by which time the associated valueshould be purged or deleted from the connection database 114. In someimplementations, storing an indication of a given node device 104 with agiven hash can indicate that the client device 102 for which the hashwas generated established a network connection with the given nodedevice 104. The given node device 104 may not have stored a cookie onthe client device 102 when the network connection was established.

For example, if the node device 104(1) provided the hash “99a74fbe” tothe connection manager 112, at key location 99a74fbe, the node deviceidentifier and a time-to-live (TTL) element can be saved. In thisexample, the key-value pair can be 99a74fbe: {(N1, 2017-11-1111:12:01)}, where N1 is the identifier for node device 104(1) and2017-11-11 11:12:01 is the TTL indicating the date and time when thevalue should be purged from the connection database 114 (in otherimplementations, TTL may be expressed as a single number, such as anumber of seconds from an epoch time, or a starting value of a counteror timer). If the node device 104(2) also provided the hash “99a74fbe”,the connection manager 112 would update the connection database 114 suchthat the key-value pair becomes 99a74fbe: {(N1, 2017-11-11 11:12:01),(N2, 2017-11-11 11:12:01)}. The TTL value can be selected by theconnection manager 112 according to a policy. For example, the valuescan be set to expire every hour, day, week, or month. In someimplementations, user of a client device 102 may wish to not receivecustomized content. The user can register with the communication manager106. When the communication manager 106 detects a user agent, IPaddress, or hash associated with the user, the communication manager 106may discard the received information and not make an entry in theconnection database 114 for the user.

The method 300 can include generating a request (step 313). The clientdevice 102 can generate the request and the client device 102 cantransmit the request to the communication manager 106. In someimplementations, the request can be generated at a time after the stepsdiscussed in relation to steps 310-312. The request can be a request fora cluster identification or an identification of a plurality ofcandidate node devices. The candidate node can be a node that previouslyestablished a connection with the communication manager 106, such as thenode device 104(1). In some implementations, the processor executableinstructions that, when executed by the client device 102, cause theclient device 102 to generate the request can be in the header of awebpage. The client device 102 can render or otherwise process theinstructions prior to rendering the main content of the webpage.

As illustrated in FIG. 3, the request can be a request for a clusteridentification. The request can be generated by a web browser (oranother user agent), executed by the client device 102. In someimplementations, the request can include data previously stored by thenode device 104 on the client device 102. For example, the request caninclude a first-party cookie that was previously stored on the clientdevice 102 by a node device 104. In some implementations, thefirst-party cookie can include a cluster identifier, which can beupdated through the method 300. In some implementations, the clusteridentifier can be used, by a content provider, to select custom content,determine the distribution of content, or detect fraudulent detection.The client device 102 can transmit the request to the communicationmanager 106 as a URL parameter. In other implementations, the indicationof the node device may be included in other portions of a packet, suchas a header options field.

The method 300 can include determining a candidate node device (step314). In some implementations, the request from the client device 102can include an indication of the user agent and IP address of the clientdevice 102 that generated the request at step 313. The connectionmanager 112 can generate a hash from the indication of the user agentand the IP address. The connection manager 112 can use the hash todetermine the candidate node or candidate node devices. For example, theconnection manager 112 may compare the generated hash with a hashreceived from the candidate node or candidate node devices. Thecandidate node can be one or more of the node devices 104 with hashvalues saved as values 122 for the key 120 associated with thecalculated hash. In some implementations, a plurality of node devices104 can be associated with a given hash. The connection manager 112 canselect one or more of the node devices 104 associated with the hash asthe candidate node or node devices.

The method 300 can include determining if the connection with thecandidate node has expired (step 315). As described above, each of thevalues stored in the connection database 114 can be associated with aTTL. The connection manager 112 can determine if the TTL has passed. Ifthe TTL has passed, the connection manager 112 can delete the candidatenode from the connection database 114 (step 316). For example, thecandidate node can be deleted from the value 122 that is associated withthe hash. In some implementations, the connection manager 112 canperiodically parse the connection database 114 to determine if any ofthe values 122 in the connection database 114 should be deleted. Thestep of determining a candidate node can be repeated until a non-expiredcandidate node is determined. An indication of the candidate node can betransmitted to the client device 102 (step 317). With the candidate nodedevice, the communication manager 106 can also transmit an indication ofthe node device 104(2) to the client device 102.

The method 300 can include rendering the response (step 318). Forexample, the client device's web browser (or user agent) can render theweb page (e.g., the response). The web page can include JavaScript orother processor executable code. When rendering the executable code, theclient device 102 can process the indication of the node device 104(2)and establish a connection with the node device 104(2). For example, theindication of the node device 104(2) can include a URL corresponding tothe node device 104(2) with which the client device 102 can establish aconnection with the node device 104(2). After establishing a connectionwith the node device 104(2) or while establishing a connection with thenode device 104(2), the client device 102 can transmit the indication ofthe candidate node device (e.g., the node's node identifier) to the nodedevice 104(2). For example, the indication of the candidate node can bepassed to the node device 104(2) as a URL parameter. In someimplementations, the client device 102 can also transmit a cookie to thenode device 104(2). The cookie can be a cookie associated with the nodedevice 104(2). For example, the node device 104(2) may have previouslyprovided the cookie to the client device 102 when the client device 102established communication with the node device 104(2) (e.g., downloadeda webpage provided by the node device 104(2)).

The method 300 can include the node device 104(2) generating anotification (step 319). The node device 104(2) can transmit thenotification to the communication manager 106. The notification can be aserver side notification. The notification can include theidentification of the candidate node device (e.g., node device 104(1))and an identification of the node device 104(2). In someimplementations, the node device 104(2) (and other node devices 104 inthe system) can include a sub-domain that is configured to communicatewith the communication manager 106. For example, the sub-domain can bemanaged by the communication manager 106 under the domain of the nodedevices 104.

The method 300 can include updating a node cluster (step 320). The nodecluster that is updated can be identified by a cluster identifier. Thecommunication manager 106 can update the node cluster responsive toreceiving the notification from step 319. The cluster manager 116 canparse through the cluster database 118 to identify the clusterassociated with the node device 104(2). The cluster manager 116 canappend an identification of the candidate node device (e.g., node device104(1)) to the list of node devices 104 stored in association with thenode device 104(2). The communication manager 106 can transmit thecluster identifier to the client device 102. The client device 102 canstore the cluster identifier in the form of a HTTP cookie.

In some implementations, responsive to rendering a subsequent web page,the client device 102 can generate a content request (step 321). Theclient device 102 can embed the cluster identifier into a request forcontent for a content slot of the web page. For example, the clientdevice 102 can provide the cluster identifier to a content provider. Thecluster identifier can be provided in the form of an HTTP cookie or aURL parameter. The content provider can be the communication manager 106or can be a separate computing device.

The client device 102 can transmit the content request (with the clusteridentifier) to the communication manager 106, which can select a contentitem (step 322). In some implementations, the content request can betransmitted to a content provider (e.g., one of the node devices 104)other than the communication manager 106. For example, the contentprovider can be a secondary content server or publisher. The node device104 can provide primary content in the form of a web page, and thecontent provider can provide the content for the content slot thatincluded the embedded cluster identifier. The content for the contentslot can be selected based on the cluster identifier. For example, thecluster identifier can identify to the communication manager 106 (orother secondary content servers) other websites (or node devices 104)the user agent recently visited, such as a website of a retailer. Inthis example, based on the cluster identifier, the content item to fillthe content slot may be related to the retailer.

The communication manager 106 can transmit the content to the clientdevice 102 (step 323). The user agent can render the content into thecontent slot. In another example, a plurality of websites may bedistributed across a plurality of node devices 104. Each of the nodedevices 104 may host a different domain. The domains may share a commonlogin page. In this example, rather than provide content that isrendered and displayed to a user, the cluster identifier can be used toselect a token that is used to authenticate the client device 102 acrosseach of the domains.

FIG. 4 illustrates a flow diagram of an example method 400 forindirectly communicating data to enable the selection of customizedcontent. The method 400 can use link decoration and URL parameters toenable indirect data communication. The column 402 indicates actionsthat can be performed by the client device 102. The column 404 and thecolumn 406 can indicate actions performed by the node device 104(1) andnode device 104(2) or by processor executable instructions provided bythe node device 104(1) and the node device 104(2), respectively. Forexample, the columns 404 and 406 can indicate actions performed by theclient device 102 on processor executable instructions included in webpages provided by the node device 104(1) and the node device 104(2),respectively. The column 408 can include steps performed by thecommunication manager 106.

The client device 102 can establish a connection with the node device104(1) (step 410). For example, a web browser executed by the clientdevice 102 can establish a connection with the node device 104(1) torequest a web page hosted by the node device 104(1). The web page caninclude one or more tags that can include JavaScript or other processorexecutable instructions.

The method 400 can include the client device 102 rendering (or beginningto render) the web page received from the node device 104(1). Whenrendering the web page, the client device's web browser can execute theprocessor executable instructions included in the web page, such asthose of one or more tags. Executing the processor executableinstructions can cause the web browser to request a first identificationfrom the client device 102 (step 411). The first identification can bean identification that corresponds to the node device 104(1). The firstidentification can be included in a HTTP cookie that the node device104(1) stored on or provide to the client device 102. The client device102 can provide the first identification to the service executing theprocessor executable instructions of the web page (step 412).

The processor executable instructions of the web page can cause thebrowser to decorate one or more links of the web page (step 313).Decorating the links can include appending or incorporating the firstidentification into the links, and may be variously referred to asdecorating links, modifying links, aggregating identifications withlinks, or by other such terms. The first identification can be encryptedbefore being incorporated into a link. The encrypted firstidentification can be incorporated into the link as a URL parameter.Once the links are decorated, the web browser executing on the clientdevice 102 can complete the rendering of the web page and display theweb page to the user of the client device 102.

In some implementations, decorating the link can include modifying orchanging the web location to which the link originally is directed. Forexample, originally the link can include the web location of a thirdnode device. The decoration of the link can include replacing the weblocation of the third node device with the web location of the secondnode device 104(2) such that activation of the decorated link causes theclient device 102 to establish a connection (at least originally) withthe second node device 104(2) and not the third node device. The weblocation of the third node can be included in the decorated link as aURL parameter (e.g., a parameter value pair for inclusion after the URL,such as “?v=http://www.example.com”). One the client device 102establishes a connection with the second node device 104(2), via thedecorated link, the second node device 104(2) can use the web locationin the URL parameter to automatically redirect the client device 102 tothe web location of the third node device. For example, automaticredirection can cause a browser executing on the client device 102 toestablish a connection with the third node without further input from auser.

After the web page is rendered, one of the decorated links can beselected (step 414). For example, the user can select or click on thelink, which can cause the web browser, executed by the client device102, to establish a connection with the node identified in the decoratedlink (e.g., the node device 104(2)). Once the client device 102establishes a connection with the node device 104(2), the client device102 can receive, for example, a web page or other processor executableinstructions. The client device 102 can process the processor executableinstructions to fetch the identification the first identification (step415). The first identification can be provided in the selected link as aURL parameter. The processor executable instructions from the nodedevice 104(2) can also cause the client device 102 to request a secondidentification (step 416). The second identification can be anidentification that corresponds to the node device 104(2). The secondidentification can be included in a HTTP cookie that the node device104(2) can store on or provide to the client device 102. The clientdevice 102 can provide the second identification to the serviceexecuting the processor executable instructions of the web page (step417). The service executing the processor executable instructionsprovided by the node device 104(2) can link the first and the secondidentifications and transmit the linked first and second identificationsto the communication manager 106 (step 418). The communication manager106 can receive the first and second identifications (step 419). Oncethe communication manager 106 receives the first and secondidentifications, the communication manager 106 can store theidentifications in association with one another. For example, thecommunication manager 106 can store the first and second identificationsin association with the same cluster identifier.

Accordingly, disclosed herein are systems and methods for indirectlycommunicating between networked node devices. According to an aspect ofthe disclosure, a system for indirect communication between networkednode devices can include a data processing system that has at least oneprocessor. The data processing system can be configured to receive anindication of a user agent and a network location of a first clientdevice in communication with the first node device. The data processingsystem can be configured to determine a candidate node from a pluralityof node devices based on a hash of the user agent and the networklocation of the first client device in communication with the first nodedevice. The data processing system can be configured to transmit to thefirst node an indication of the candidate node to transmit to the firstclient device. The data processing system can be configured to receive,from the candidate node device, a notification generated responsive tofirst client device transmitting a first set of data packets to thecandidate device. The data processing system can be configured to add anindication of the candidate node to a node cluster comprising the firstnode device. The data processing system can be configured to select acontent item based on the node cluster. The data processing system canbe configured to transmit the content item to the first client device.

In some implementations, the data processing system embeds theindication of the candidate node into a pixel configured to initiatecommunication with the candidate node device. The first set of datapackets can include data previously stored on the first client device bythe candidate node device, such as a HTTP cookie, and an identificationof the first node device. The notification can include an identificationof the candidate node and an identification of the first node device.

In some implementations, the data processing system can be configured totransmit a cluster identifier of the node cluster to a second nodedevice. The data processing system can be configured to receive thecluster identifier from the client device responsive to the clientdevice communicating with the second node device. In someimplementations, the data processing system can be configured todetermine a second candidate node from the plurality of node devicesbased on the hash of the user agent and the network location of thefirst client device in communication with the first node device. Thedata processing system can transmit, to the first node device, anindication of the second candidate node with the indication of thecandidate node device.

In some implementations, the data processing system can be configured tostore an indication of each of the plurality of node devices inassociation with the hash of the user agent and the network location ofthe first client device. The data processing system can assign a timeout period to the indication of each of the plurality of node devices.The data processing system can select the candidate node responsive tothe time out period of the candidate node not expiring. In someimplementations, the indication of the first node can include a hash ofdata previously transmitted to the client device and a time stamp.

According to an aspect of the disclosure, a method for indirectcommunication between networked node devices can include receiving, by acommunication manager and from a first node device, an indication of auser agent and a network location of a first client device incommunication with the first node device. The method can includedetermining, by the communication manager, a candidate node from aplurality of node devices based on a hash of the user agent and thenetwork location of the first client device in communication with thefirst node device. The method can include transmitting, by thecommunication manager and to the first node device, an indication of thecandidate node to transmit to the first client device. The method caninclude receiving, by the communication manager and from the candidatenode device, a notification generated responsive to first client devicetransmitting a first set of data packets to the candidate device. Themethod can include adding, by the communication manager, an indicationof the candidate node to a node cluster comprising the first nodedevice. The method can include selecting, by the communication manager,a content item based on the node cluster. The method can includetransmitting, by the communication manager, the content item to thefirst client device.

In some implementations, the method can include embedding the indicationof the candidate node into a pixel configured to initiate communicationwith the candidate node device. The first set of data packets caninclude data previously stored on the first client device by thecandidate node and an identification of the first node device. Thenotification can include an identification of the candidate node and anidentification of the first node device. The method can includetransmitting, by the communication manager, a cluster identifier of thenode cluster to a second node device. The method can include receiving,by the communication manager, the cluster identifier from the clientdevice responsive to the client device communicating with the secondnode device.

In some implementations, the method can include determining, by thecommunication manager, a second candidate node from the plurality ofnode devices based on the hash of the user agent and the networklocation of the first client device in communication with the first nodedevice. The method can include transmitting, by the communicationmanager and to the first node device, an indication of the secondcandidate node with the indication of the candidate node device.

In some implementations, the method can include storing an indication ofeach of the plurality of node devices in association with the hash ofthe user agent and the network location of the first client device. Themethod can include assigning a time out period to the indication of eachof the plurality of node devices. In some implementations, the methodcan include selecting the candidate node responsive to the time outperiod of the candidate node not expiring. The indication of the firstnode can include a hash of data previously transmitted to the clientdevice and a time stamp.

According to an aspect of the disclosure, a non-transitory computerreadable storage medium can store instructions that when executed by oneor more data processors, cause the one or more data processors toreceive an indication of a user agent and a network location of a firstclient device in communication with the first node device. Theinstructions can also cause the data processing system to determine acandidate node from a plurality of node devices based on a hash of theuser agent and the network location of the first client device incommunication with the first node device. The instructions can cause thedata processing system to transmit, by the communication manager and tothe first node device, an indication of the candidate node to transmitto the first client device. The instructions can cause the dataprocessing system to receive, by the communication manager and from thecandidate node device, a notification generated responsive to firstclient device transmitting a first set of data packets to the candidatedevice. The instructions can cause the data processing system to add, bythe communication manager, an indication of the candidate node to a nodecluster comprising the first node device. The instructions can cause thedata processing system to select, by the communication manager, acontent item based on the node cluster. The instructions can cause thedata processing system to transmit, by the communication manager, thecontent item to the first client device.

In some implementations, the instructions can cause the data processingsystem to transmit, by the communication manager, a cluster identifierof the node cluster to a second node device. The instructions can causethe data processing system to receive, by the communication manager, thecluster identifier from the client device responsive to the clientdevice communicating with the second node device.

According to an aspect of the disclosure, a method can includereceiving, by a communication manager and from a client device incommunication with a first node device, a request for a connection to asecond node device. The request can include a hash of data stored on theclient device by the first node device. The method can includeselecting, by the communication manager, a candidate node based on thehash of the data stored on the client device by the first node device.The method can include selecting, by the communication manager, a nodecluster based on the hash of the data stored on the client device and anindication of the first node device. The node cluster can include a nodecluster identification. The method can include transmitting, by thecommunication manager to the client device, the node clusteridentification and a node location to establish a connection between theclient device and the candidate node device. The method can includeupdating, by the communication manager, the node cluster to include thecandidate node based on receiving a notification from the candidate nodethat the client device established a connection with the candidate nodedevice.

In some implementations, the method can include embedding the nodelocation into a pixel configured to initiate communication with thecandidate node device. The method can include decorating a link with thenode location to redirect a connection to a third node to the candidatenode device. The notification can include an identification of thecandidate node and an identification of the first node device.

The method can include transmitting, by the communication manager, theupdated node cluster identification to the client device. The method caninclude selecting, by the communication manager, the candidate node froma plurality of node devices based on a hash including a user agent and anetwork location of the client device.

The method can include storing an indication of the candidate node inassociation with the hash of the data stored on the client device. Themethod can include assigning a time out period to the indication of thecandidate node device. The method can include selecting the candidatenode responsive to a time out period of the candidate node not expiring.

According to an aspect of the disclosure a system indirect communicationbetween node devices can include a communication interface and aprocessor executing a connection manager. The communication interfacecan be configured to receive, from a client device in communication witha first node device, a request for a connection to a second node device.The request can include a hash of data stored on the client device bythe first node device. The communication manager can be configured todetermine a candidate node based on the hash of the data stored on theclient device by the first node device. The communication manager can beconfigured to select a node cluster based on the hash of the data storedon the client device and an indication of the first node device. Thenode cluster can have a node cluster identification. The interface canbe configured to transmit to the client device the node clusteridentification and a node location to establish a connection between theclient device and the candidate node device. The communication managercan be configured to update the node cluster based on receiving anotification from the candidate node that the client device establisheda connection with the candidate node device.

In some implementations, the communication manager can be configured toembed the node location into a pixel configured to initiatecommunication with the candidate node device. The communication managercan be configured to decorate a link with the node location to redirecta connection to a third node to the candidate node device.

The notification can include an identification of the candidate node andan identification of the first node device. The communication managercan be configured to transmit the updated node cluster identification tothe client device. The communication manager can be configured to selectthe candidate node from a plurality of node devices based on a hashincluding a user agent and a network location of the client device. Thecommunication manager can be configured to store an indication of thecandidate node in association with the hash of the data stored on theclient device, and assign a time out period to the indication of thecandidate node device.

The communication manager can be configured to select the candidate noderesponsive to a time out period of the candidate node not expiring. Theindication of the first node can include a hash of data previouslytransmitted to the client device and a time stamp.

According to one aspect, a method can include receiving, by a clientdevice from a first node device, a content item that can include a URLto establish a connection with a second node device. The content itemcan include processor executable instructions provided by acommunication manager. The method can include transmitting, by theclient device to the communication manager, a request for a candidatenode responsive to execution of the processor executable instructionsprovided by the communication manager. The method can include receiving,by the client device and from the communication manager, an indicationof a candidate node device. The method can include modifying, by theclient device, the URL to establish a connection with the candidate nodedevice. The method can include transmitting, by the client device andbased on a selection of the URL, an indication of the first node deviceto the candidate node and a web cookie previously transmitted to theclient device by the candidate node device. The method can includereceiving, from the candidate node by the communication manager, anotification generated responsive to the candidate node receiving theweb cookie previously transmitted to the client device by the candidatenode device. The notification can include the indication of the firstnode device. The method can include generating, based on receiving thenotification, a node cluster that can include the first node device andthe candidate node device.

In some implementations, the method can include receiving, by thecommunication manager from the client device, a content request. Themethod can include selecting, by the communication manager, a contentitem based on the node cluster can include the first node device and thecandidate node device. The method can include transmitting, by thecommunication manager, the content item to the client device responsiveto the content request.

The method can include modifying the URL to include the indication ofthe second node device as a link parameter. The method can includeautomatically establishing a connection with the second node deviceresponsive to transmitting the indication of the first node device tothe candidate node device. The notification can include the indicationof the first node device and an indication of the candidate node deviceas link parameters. The request for the candidate node device caninclude a hash of a user agent of the client device.

According to one aspect of the disclosure, a system can include a clientdevice and a communication manager. The client device can be configuredto receive, from a first node device, a content item that can include aURL to establish a connection with a second node device. The contentitem can include processor executable instructions provided by acommunication manager. The client device can transmit to thecommunication manager a request for a candidate node device responsiveto execution of the processor executable instructions provided by thecommunication manager. The client device can receive from thecommunication manager an indication of a candidate node device. Theclient device can modify the URL to establish a connection with thecandidate node device. The client device can transmit, based on aselection of the URL, an indication of the first node device to thecandidate node device and a web cookie previously transmitted to theclient device by the candidate node device. The communication managercan receive, from the candidate node device, a notification generatedresponsive to the candidate node device receiving the web cookiepreviously transmitted to the client device by the candidate nodedevice. The notification can include the indication of the first nodedevice. The communication manager can generate, based on receiving thenotification, a node cluster that can include the first node device andthe candidate node device.

The communication manager can receive from the client device a contentrequest. The communication manager can select a content item based onthe node cluster that can include the first node device and thecandidate node device. The communication manager can transmit thecontent item to the client device responsive to the content request.

In some implementations, the modified URL can include the indication ofthe second node device as a link parameter. The client device canautomatically establish a connection with the second node deviceresponsive to transmitting the indication of the first node device tothe candidate node device. The notification can include the indicationof the first node device and an indication of the candidate node deviceas link parameters. The request for the candidate node device caninclude a hash of a user agent of the client device.

FIG. 5 illustrates a block diagram of an implementation of a computersystem 500. The computer system or computing device 500 can include orbe used to implement the system 100 or its components such as thecommunication manager 106. The computing system 500 includes a bus 505or other communication component for communicating information and aprocessor 510 or processing circuit coupled to the bus 505 forprocessing information. The computing system 500 can also include one ormore processors 510 or processing circuits coupled to the bus forprocessing information. The computing system 500 also includes mainmemory 515, such as a random access memory (RAM) or other dynamicstorage device, coupled to the bus 505 for storing information, andinstructions to be executed by the processor 510. The main memory 515can be or include the connection database 114 and cluster database 118.The main memory 515 can also be used for storing position information,temporary variables, or other intermediate information during executionof instructions by the processor 510. The computing system 500 mayfurther include a read only memory (ROM) 520 or other static storagedevice coupled to the bus 505 for storing static information andinstructions for the processor 510. A storage device 525, such as asolid state device, magnetic disk, or optical disk, can be coupled tothe bus 505 to persistently store information and instructions. Thestorage device 525 can include or be part of the connection database 114and/or the cluster database 118.

The computing system 500 may be coupled via the bus 505 to a display535, such as a liquid crystal display, or active matrix display, fordisplaying information to a user. An input device 530, such as akeyboard including alphanumeric and other keys, may be coupled to thebus 505 for communicating information and command selections to theprocessor 510. The input device 530 can include a touch screen display535. The input device 530 can also include a cursor control, such as amouse, a trackball, or cursor direction keys, for communicatingdirection information and command selections to the processor 510 andfor controlling cursor movement on the display 535. The display 535 canbe part of a data processing system (such as the communication manager106), the client device 102, or other components of FIG. 1.

The processes, systems and methods described herein can be implementedby the computing system 500 in response to the processor 510 executingan arrangement of instructions contained in main memory 515. Suchinstructions can be read into main memory 515 from anothercomputer-readable medium, such as the storage device 525. Execution ofthe arrangement of instructions contained in main memory 515 causes thecomputing system 500 to perform the illustrative processes describedherein. One or more processors in a multi-processing arrangement mayalso be employed to execute the instructions contained in main memory515. Hard-wired circuitry can be used in place of or in combination withsoftware instructions together with the systems and methods describedherein. Systems and methods described herein are not limited to anyspecific combination of hardware circuitry and software.

Although an example computing system has been described in FIG. 3, thesubject matter including the operations described in this specificationcan be implemented in other types of digital electronic circuitry, or incomputer software, firmware, or hardware, including the structuresdisclosed in this specification and their structural equivalents, or incombinations of one or more of them.

For situations in which the systems discussed herein collect personalinformation about users, or may make use of personal information, theusers may be provided with an opportunity to control whether programs orfeatures that may collect personal information (e.g., information abouta user's social network, social actions or activities, a user'spreferences, or a user's location), or to control whether or how toreceive content from a content server or other data processing systemthat may be more relevant to the user. In addition, certain data may beanonymized in one or more ways before it is stored or used, so thatpersonally identifiable information is removed when generatingparameters. For example, a user's identity may be anonymized so that nopersonally identifiable information can be determined for the user, or auser's geographic location may be generalized where location informationis obtained (such as to a city, postal code, or state level), so that aparticular location of a user cannot be determined. Thus, the user mayhave control over how information is collected about him or her and usedby the content server.

The subject matter and the operations described in this specificationcan be implemented in digital electronic circuitry, or in computersoftware, firmware, or hardware, including the structures disclosed inthis specification and their structural equivalents, or in combinationsof one or more of them. The subject matter described in thisspecification can be implemented as one or more computer programs, e.g.,one or more circuits of computer program instructions, encoded on one ormore computer storage media for execution by, or to control theoperation of, data processing apparatuses. Alternatively or in addition,the program instructions can be encoded on an artificially generatedpropagated signal, e.g., a machine-generated electrical, optical, orelectromagnetic signal that is generated to encode information fortransmission to suitable receiver apparatus for execution by a dataprocessing apparatus. A computer storage medium can be, or be includedin, a computer-readable storage device, a computer-readable storagesubstrate, a random or serial access memory array or device, or acombination of one or more of them. While a computer storage medium isnot a propagated signal, a computer storage medium can be a source ordestination of computer program instructions encoded in an artificiallygenerated propagated signal. The computer storage medium can also be, orbe included in, one or more separate components or media (e.g., multipleCDs, disks, or other storage devices). The operations described in thisspecification can be implemented as operations performed by a dataprocessing apparatus on data stored on one or more computer-readablestorage devices or received from other sources.

The terms “data processing system”, “computing device”, “component”, or“data processing apparatus” encompass various apparatuses, devices, andmachines for processing data, including by way of example a programmableprocessor, a computer, a system on a chip, or multiple ones, orcombinations of the foregoing. The apparatus can include special purposelogic circuitry, e.g., an FPGA (field programmable gate array) or anASIC (application specific integrated circuit). The apparatus can alsoinclude, in addition to hardware, code that creates an executionenvironment for the computer program in question, e.g., code thatconstitutes processor firmware, a protocol stack, a database managementsystem, an operating system, a cross-platform runtime environment, avirtual machine, or a combination of one or more of them. The apparatusand execution environment can realize various different computing modelinfrastructures, such as web services, distributed computing and gridcomputing infrastructures. The components described above in relation toFIG. 1 can include or share one or more data processing apparatuses,systems, computing devices, or processors.

A computer program (also known as a program, software, softwareapplication, app, script, or code) can be written in any form ofprogramming language, including compiled or interpreted languages,declarative or procedural languages, and can be deployed in any form,including as a stand-alone program or as a module, component,subroutine, object, or other unit suitable for use in a computingenvironment. A computer program can correspond to a file in a filesystem. A computer program can be stored in a portion of a file thatholds other programs or data (e.g., one or more scripts stored in amarkup language document), in a single file dedicated to the program inquestion, or in multiple coordinated files (e.g., files that store oneor more modules, sub-programs, or portions of code). A computer programcan be deployed to be executed on one computer or on multiple computersthat are located at one site or distributed across multiple sites andinterconnected by a communication network.

The processes and logic flows described in this specification can beperformed by one or more programmable processors executing one or morecomputer programs (e.g., components of the communication manager 106) toperform actions by operating on input data and generating output. Theprocesses and logic flows can also be performed by, and apparatuses canalso be implemented as, special purpose logic circuitry, e.g., an FPGA(field programmable gate array) or an ASIC (application-specificintegrated circuit). Devices suitable for storing computer programinstructions and data include all forms of non-volatile memory, mediaand memory devices, including by way of example semiconductor memorydevices, e.g., EPROM, EEPROM, and flash memory devices; magnetic disks,e.g., internal hard disks or removable disks; magneto optical disks; andCD ROM and DVD-ROM disks. The processor and the memory can besupplemented by, or incorporated in, special purpose logic circuitry.

The subject matter described herein can be implemented in a computingsystem that includes a back-end component, e.g., as a data server, orthat includes a middleware component, e.g., an application server, orthat includes a front-end component, e.g., a client computer having agraphical user interface or a web browser through which a user caninteract with an implementation of the subject matter described in thisspecification, or a combination of one or more such back-end,middleware, or front-end components. The components of the system can beinterconnected by any form or medium of digital data communication,e.g., a communication network. Examples of communication networksinclude a local area network (LAN) and a wide area network (WAN), aninter-network (e.g., the Internet), and peer-to-peer networks (e.g.,ad-hoc peer-to-peer networks).

The computing system such as system 100 or system 500 can includeclients and servers. A client and server are generally remote from eachother and typically interact through a communication network (e.g., thenetwork 110). The relationship of client and server arises by virtue ofcomputer programs running on the respective computers and having aclient-server relationship to each other. In some implementations, aserver transmits data (e.g., data packets representing a content item)to a client device (e.g., for purposes of displaying data to andreceiving user input from a user interacting with the client device).Data generated at the client device (e.g., a result of the userinteraction) can be received from the client device at the server (e.g.,received by the data processing system from the client device or thecontent provider computing device or the service provider computingdevice).

While operations are depicted in the drawings in a particular order,such operations are not required to be performed in the particular ordershown or in sequential order, and all illustrated operations are notrequired to be performed. Actions described herein can be performed in adifferent order.

The separation of various system components does not require separationin all implementations, and the described program components can beincluded in a single hardware or software product.

Having now described some illustrative implementations, it is apparentthat the foregoing is illustrative and not limiting, having beenpresented by way of example. In particular, although many of theexamples presented herein involve specific combinations of method actsor system elements, those acts and those elements may be combined inother ways to accomplish the same objectives. Acts, elements, andfeatures discussed in connection with one implementation are notintended to be excluded from a similar role in other implementations orimplementations.

The phraseology and terminology used herein is for the purpose ofdescription and should not be regarded as limiting. The use of“including”, “comprising”, “having”, “containing”, “involving”,“characterized by”, “characterized in that”, and variations thereofherein, is meant to encompass the items listed thereafter, equivalentsthereof, and additional items, as well as alternate implementationsconsisting of the items listed thereafter exclusively. In oneimplementation, the systems and methods described herein consist of one,each combination of more than one, or all of the described elements,acts, or components.

Any references to implementations or elements or acts of the systems andmethods herein referred to in the singular may also embraceimplementations including a plurality of these elements, and anyreferences in plural to any implementation or element or act herein mayalso embrace implementations including only a single element. Referencesin the singular or plural form are not intended to limit the presentlydisclosed systems or methods, their components, acts, or elements tosingle or plural configurations. References to any act or element beingbased on any information, act or element may include implementationswhere the act or element is based at least in part on any information,act, or element.

Any implementation disclosed herein may be combined with any otherimplementation or embodiment, and references to “an implementation”,“some implementations”, “one implementation”, or the like are notnecessarily mutually exclusive and are intended to indicate that aparticular feature, structure, or characteristic described in connectionwith the implementation may be included in at least one implementationor embodiment. Such terms as used herein are not necessarily allreferring to the same implementation. Any implementation may be combinedwith any other implementation, inclusively or exclusively, in any mannerconsistent with the aspects and implementations disclosed herein.

References to “or” may be construed as inclusive so that any termsdescribed using “or” may indicate any of a single, more than one, andall of the described terms. For example, a reference to “at least one of‘A’ and ‘B’” can include only ‘A’, only ‘B’, as well as both ‘A’ and ‘B’Such references used in conjunction with “comprising” or other openterminology can include additional items.

Where technical features in the drawings, detailed description, or anyclaim are followed by reference signs, the reference signs have beenincluded to increase the intelligibility of the drawings, detaileddescription, and claims. Accordingly, neither the reference signs northeir absence have any limiting effect on the scope of any claimelements.

The systems and methods described herein may be embodied in otherspecific forms without departing from the characteristics thereof. Theforegoing implementations are illustrative rather than limiting of thedescribed systems and methods. Scope of the systems and methodsdescribed herein is thus indicated by the appended claims, rather thanthe foregoing description, and changes that come within the meaning andrange of equivalency of the claims are embraced therein.

What is claimed:
 1. A method for indirect communication betweennetworked node devices, comprising: providing, by a data processingsystem to a first node device, a first script, the first scriptconfigured to execute on the first node device, execution of the firstscript causing the first node device to: request a first identificationfrom a client device responsive to establishing a first connection withthe client device; update an information resource by updating one ormore addresses of the information resource using the firstidentification; and transmit the updated information resource to theclient device; providing, by the data processing system to a second nodedevice, a second script, the second script configured to execute on thesecond node device, execution of the second script causing the secondnode device to: establish a second connection with the client device inresponse to a selection of the updated information resource; retrievethe first identification from the updated one or more addresses; requesta second identification from the client device; and transmit the firstidentification and the second identification to the data processingsystem; and storing, by the data processing system, an associationbetween the first identification and the second identification and anode cluster identification.
 2. The method of claim 1, wherein executionof the second script causes the second node device to link the firstidentification and the second identification; and wherein storing theassociation between the first identification and the secondidentification and the node cluster identification is performedresponsive to identifying the link between the first identification andthe second identification.
 3. The method of claim 1, further comprising:receiving, by the data processing system, a content request, the contentrequest comprising the node cluster identification; selecting, by thedata processing system, a content item based on the node clusteridentification; and transmitting, by the data processing system, thecontent item to the client device.
 4. The method of claim 1, whereinstoring the association between the first identification and the secondidentification and the node cluster identification comprises appending,by the data processing system, the first identification or the secondidentification to a list of node devices, wherein each node device ofthe list of node devices is associated with the node clusteridentification.
 5. The method of claim 1, wherein execution of the firstscript causes the first node device to update the one or more addressesof the information resource by further including a first web location ofthe second node device in the one or more addresses.
 6. The method ofclaim 5, wherein execution of the first script causes the first nodedevice to include the first web location of the second node device inthe one or more addresses by replacing a second web location of a thirdnode device with the first web location of the second node device. 7.The method of claim 5, wherein execution of the first script causes thefirst node device to further include a second web location of a thirdnode device in the one or more addresses, and wherein execution of thesecond script causes the second node device to redirect the clientdevice to the second web location of the third node device subsequent toestablishing the second connection with the client device.
 8. The methodof claim 5, wherein execution of the first script causes the first nodedevice to update the one or more addresses of the information resourceby including the first web location in the information resource as auniform resource locator parameter.
 9. The method of claim 1, whereinexecution of the first script further causes the first node device togenerate a user interface comprising the updated information resource.10. The method of claim 9, wherein the client device receives theselection of the updated information resource via a user selection onthe user interface.
 11. The method of claim 1, wherein execution of thefirst script further causes the first node device to: receive the firstidentification from the client device in a first first-party cookie; andwherein execution of the second script further causes the second nodedevice to: receive the second identification from the client device in asecond first-party cookie.
 12. A system for indirect communicationbetween networked node devices, the system comprising: a memory; and aprocessor coupled to the memory, the processor configured to: provide,to a first node device, a first script, the first script configured toexecute on the first node device, execution of the first script causingthe first node device to: request a first identification from a clientdevice responsive to establishing a first connection with the clientdevice; update an information resource by updating one or more addressesof the information resource using the first identification; and transmitthe updated information resource to the client device; provide, to asecond node device, a second script, the second script configured toexecute on the second node device, execution of the second scriptcausing the second node device to: establish a second connection withthe client device in response to a selection of the updated informationresource; retrieve the first identification from the updated one or moreaddresses; request a second identification from the client device; andtransmit the first identification and the second identification to thedata processing system; and store an association between the firstidentification and the second identification and a node clusteridentification.
 13. The system of claim 12, wherein execution of thesecond script causes the second node device to link the firstidentification and the second identification; and wherein the processoris configured to store the association between the first identificationand the second identification and the node cluster identificationresponsive to an identification of the link between the firstidentification and the second identification.
 14. The system of claim12, wherein the processor is further configured to: receive a contentrequest, the content request comprising the node cluster identification;select a content item based on the node cluster identification; andtransmit the content item to the client device.
 15. The system of claim12, wherein the processor is configured to store the association betweenthe first identification and the second identification and the nodecluster identification by appending the first identification or thesecond identification to a list of node devices, wherein each nodedevice of the list of node devices is associated with the node clusteridentification.
 16. The system of claim 12, wherein execution of thefirst script causes the first node device to update the one or moreaddresses of the information resource by further including a first weblocation of the second node device in the one or more addresses.
 17. Thesystem of claim 16, wherein execution of the first script causes thefirst node device to include the first web location of the second nodedevice in the one or more addresses by replacing a second web locationof a third node device with the first web location of the second nodedevice.
 18. The system of claim 16, wherein execution of the firstscript causes the first node device to further include a second weblocation of a third node device in the one or more addresses, andwherein execution of the second script causes the second node device toredirect the client device to the second web location of the third nodedevice subsequent to establishing the second connection with the clientdevice.
 19. The system of claim 16, wherein execution of the firstscript causes the first node device to update the one or more addressesof the information resource by further including the first web locationin the information resource as a uniform resource locator parameter. 20.The system of claim 12, wherein execution of the first script furthercauses the first node device to generate a user interface comprising theupdated information resource.